CVE-2023-54337
Denial of Service via Password Field Overflow in Sysax Multi Server
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sysax | multi_server | 6.95 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-54337 is a denial of service vulnerability in Sysax Multi Server version 6.95. It occurs because the application does not properly validate the administrative password input field. An attacker with high privileges can input 800 bytes of repeated characters into the password field, causing the application to crash and disrupt server functionality. [1, 2]
How can this vulnerability impact me?
This vulnerability can cause the Sysax Multi Server application to crash, resulting in a denial of service. This disrupts server functionality and availability, potentially affecting any services relying on this server until it is restarted or fixed. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the Sysax Multi Server 6.95 application. A proof-of-concept involves generating a string of 800 repeated characters (e.g., 800 'A's) and pasting it into the administrative password field in the application settings. Specifically, you can create a file with 800 'A' characters using a command like `python -c "print('\x41' * 800)" > long_password.txt`, then copy the content to clipboard and paste it into the password field under Manage Server Settings → Administrative Settings → Configure. Saving this triggers the crash, confirming the vulnerability. Since this is a local vulnerability, network detection commands are not applicable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local administrative access to trusted users only, as exploitation requires high privileges and user interaction. Avoid pasting or entering excessively long strings (800 bytes or more) into the administrative password field. Monitor and limit access to the Sysax Multi Server administrative interface. Additionally, check for any vendor patches or updates addressing this issue and apply them once available. [1, 2]
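As an added example illustrating the explanation and the mitigation above (not Sysax's own code; the product's internals are not on this page), this is the quantity check that CWE-1284 describes, applied to a fixed-size administrative password buffer in C. `ADMIN_PW_CAPACITY`, the function names and the status codes are assumptions; the point is that length is validated against the destination before any copy, so an 800-byte input of the kind described above is rejected with an error rather than crashing the process.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed capacity of the fixed buffer holding the administrative password
 * (constructed value: the advisory only says an 800-byte input crashes it). */
#define ADMIN_PW_CAPACITY 128
enum pw_status { PW_OK = 0, PW_EMPTY = 1, PW_TOO_LONG = 2, PW_BAD_CHAR = 3 };

/* Length scan that never reads past 'max' bytes, so an oversized or
 * unterminated input cannot drive the scan beyond the destination size. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* The quantity check CWE-1284 describes as missing: validate the length
 * (and character set) of the password before anything is copied. */
enum pw_status validate_admin_password(const char *input) {
    if (input == NULL) return PW_EMPTY;
    size_t n = bounded_len(input, ADMIN_PW_CAPACITY);
    if (n == 0) return PW_EMPTY;
    if (n == ADMIN_PW_CAPACITY) return PW_TOO_LONG; /* no NUL within capacity */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c == 0x7f) return PW_BAD_CHAR;   /* control characters */
    }
    return PW_OK;
}

/* Copy into the fixed buffer only after validation: reject instead of
 * silently truncating, and leave 'dst' untouched on failure. */
enum pw_status set_admin_password(char dst[ADMIN_PW_CAPACITY], const char *input) {
    enum pw_status st = validate_admin_password(input);
    if (st != PW_OK) return st;
    memcpy(dst, input, strlen(input) + 1);  /* strlen < capacity, so the NUL fits */
    return PW_OK;
}
/* Builds an input of 'count' repeated characters (the advisory's 800 x 'A'
 * shape) and runs it through the validator, so a caller can probe the limit. */
enum pw_status check_repeated(char ch, size_t count) {
    char *buf = malloc(count + 1);
    if (buf == NULL) return PW_EMPTY;
    memset(buf, (unsigned char)ch, count);
    buf[count] = '\0';
    enum pw_status st = validate_admin_password(buf);
    free(buf);
    return st;
}
```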